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CLAIM AMENDMENTS 

This listing of claims will replace all prior versions, and 
listings, of claims in the application: 

Listing of Claims: 

1 (currently amended) . A method for authenticating a data set 
between a proving unit and a verifying unit, which . comprises 
the steps of : 

a) communicating the data set from one of the proving and 
verifying units to a respective other of the proving and 
verifying units such that the data set is in an unencrypted 
form to both the proving and verifying units after completing 
step a) / . 

b) generating at least one data element in the verifying 
unit; 

c) using the verifying unit to encrypt the data element in a 
first cryptographic encryption method using a public key of 
the proving unit resulting in at least one encrypted data 
element, and the public key is known to the verifying unit_^ 
performing the first cryptographic encryption method using 
discrete exponentiation in a semigroup with the steps of: 

- Page 3 of 17 - 

PAGE 3/17 * RCVD AT 7/3012007 12:43:51 PM [Eastern Daylight Time] ■ SVR:USPT0-EFXRF-1/16* DNIS:2738300 ■ CSID:9549251101 ■ DURATION (mm-ss):03-26 



07-30-' 07 12:37 FROM-LGS PatentUSA 9549251101 T-367 P004/017 F-254 



using the verifying^ unit to generate a number t 6 T, 
where T is a subrange of integers; 

using the verifying unit to calculate element h f(t> e H, 
where f : T — > T r is a mapping into a subrange T" of the 
integers/ which is not necessarily different from T, H 
represents a multiplicatively written semigroup generated 
by element h, with a discrete exponentiation of a base h 
as a one-way function in the semigroup H; 

usin g the verifying unit to calculate from the public 
key, k p u b = h g(d) e H, element 7r(k D ub f<t) ) e G, where n : H -> 
G specifies a mapping of the semigroup H Into a group G, 
d = k p ri v e T is the private key which is accessible only 
to the proving unit, and a mapping t -> h f<t) — > 7r(h f(t) ) 
from the subrange of the integers T to the group G 
represents a one-way function; and 

using the verifying unit to encrypt the data element, z, 
by a combination with respect to the encrypted data 
element, z T = z % (,ko U b f {t) ) e G ; 

d) communicating the encrypted data element from the 
verifying unit to the proving unit; 
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e) using the proving unit to decrypt the encrypted data 
element in a first decryption method, assigned to the first 
cryptographic encryption method, using a private key known 
only to the proving unit and using- discrete exponentiation in 
a semigroup ; 

f) using the proving unit to calculate, from the data set to 
be authenticated, in a second cryptographic method, an 
authenticator dependent on the data element; 

g) communicating the authenticator from the proving unit to 
the verifying unit; - 

h) 1 using the verifying unit to check the authenticator with 
an aid of an authentication checking algorithm, assigned to 
the second cryptographic method using the data element and the 
data set; and 

i) accepting the data set as communicated by the proving unit 
to the verifying unit is dependent on a result of the check 
performed in step h) . 

2 (original) . The method according to claim 1, which further 
comprises during the step a) , using the proving unit to 
communicate the data set in unencrypted form to the verifying 
unit* 
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3 (original). The method according to claim 1, which further, 
comprises using the verifying unit to generate the data set as 
a random element and subsequently, in the step a) / 
communicating the data set to the proving unit. 

4 (original) . The method according to claim 1, which further 
comprises during the step h) : 

forming the authentication checking algorithm to be 
substantially identical to the second cryptographic method for 
authenticator generation; 

applying the authentication checking algorithm by the 
verifying unit to the data element and the data set fQr 
forming a reference authenticator; and 

comparing the reference authenticator with the authenticator. 

5 (original) . The method according to claim 1, which further 
comprises during the step h) : 

forming the authentication checking algorithm with a 
decryption method corresponding to the second cryptographic 
method for generating the authenticator for an associated 
encryption method; 
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applying the authentication checking algorithm by the 
verifying unit to the authenticator by decryption for forming 
a reference data element and a reference data set; and 

comparing the reference data element and the reference data 
set with the data element and the data set. 

6 (original) . The method according to claim 1, which further 
comprises: 

repeating steps b) f c) , d) and e) for generating at least one 
further data element before performing the step f ) ; and 

using the proving unit to encrypt the data set to be 
authenticated in step f) in a manner dependent on the data 
element and the further data element to form the 
authenticator . 

7 (canceled) „ 

8 (canceled) . 

9 (canceled) . 
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10 (currently amended) . The method according to claim 1. 
[[9]], which further comprises during the step d) , in addition 
to the encrypted data element, using the verifying unit to 
communicate the element h f(t> e H to the proving unit. 

11 (original) . The method according to claim 10 / which 
further comprises performing the first cryptographic 
decryption method by the steps of;. 

using the proving unit to calculate the element k pU b C(t) e H 
using function f, the element h f(tl e H and the private key d 
known only to the, proving unit; 

using the proving unit to calculate an inverse element 
7i 1 (k pvb f(t> ) e G with respect to element n (k pub f (t) ) e G; and 

using the proving unit to decrypt the encrypted data element 
by a combination of the encrypted data element with inverse 
element: z = z * on 1 ( k pub f (t) ) , where the first cryptographic 
decryption method is based on the same mappings f, n and the 
same combination o as the first cryptographic encryption 
method. 
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12 (previously presented) . The method according to claim 11, 
which further comprises performing the second cryptographic 
method with the steps of: 

using the proving unit to calculate, from the at least one 
unencrypted data element z, an element g 2 - ni(z) e Gi and an 
element g 2 » rc 2 {z) e G 2 / where Gi and G 2 represent groups where 
Gi <= G 2 and «i r G Gi and n 2 : G — > G 2 represent functions 
which map elements of the group G onto the groups Gi or G 2 ; 

using the proving unit to transform the data set to be 
authenticated m, to form an element g 1 - {gi * m) with a group 
combination * in Gx; and 

using the proving unit to calculate the authenticator D, by. D 

inj{g r ) • g 2 with the group combination • in G 2r where the 
mapping inj : Gi -> G 2 maps elements from Gi injectively into 
G 2 . 

13 (original) , The method according to claim 1, which further 
comprises performing the following steps before performing 
step b) : 

using the proving unit to communicate the public key with a 
certificate of a trust center; 
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using the verifying unit to check a validity of the public key 
of the proving unit using a certification method; and 

using the verifying unit to continue the communication with 
the proving unit in a manner dependent on a result of the 
check. 

14 (original) . The method according to claim 1, which further 
comprises : 

forming the proving unit as an integrated circuit on a smart 
card; and 

forming the verifying unit as a smart card terminal. 

15 (original) . The method according to claim 1, which further 
comprises forming the proving unit as an integrated circuit in 
an identification/authentication token which is fixedly 
connected to a non-localized object. 

16 (original). The. method according to claim 14, which 
further comprises performing the communication between the 
proving unit and the verifying unit contactlessly. 
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17 (currently amended) . Tho method occording to claim 8/ 
which further oomprioco A method for authenticating a data 
set, between a proving unit and a verifying unit, which 
comprises the steps of: 

a) communicating the data set from one of the proving and 
verifying units to a respective other of the proving and 
verifying units such that the data set is in an unencrypted 
form to both the proving and verifying units after completing 
step a) ; 

b^ generating at least one data element in the verifying 
unit; 

c) using the verifying unit to encrypt the data element in a 
first cryptographic encryption method using a public key of 
the proving unit resulting in at least one encrypted data 
element, and the public ke y is known to the verifying unit, 
performing the first cryptographic encryption method using 
discrete exponentiation in a semigroup and an algorithm based 
on elliptical curves with the steps of: 

using the verifying unit to generate a number t e T, 
where T is a subrange of integers; 
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using the verifying unit to calculate element h flt) e H, 
where f : T -> T' is a mapping into a subrange T* of the 
integers, which is not necessarily different from T, H 
represents a multiplicatively written semigroup generated 
by element h, with a discrete exponentiation of a base h 
as one-way function in the semigroup H; 

using the verifying unit to calculate from the public 
key, k pub = h f<d) e H, element n ( k pub f <fc) ) e G, where n : H 
G specifies a mapping of the semigroup H into a group G, 
d a kpriv e T is the private key which is accessible only 
to the proving unit, and a mapping t -» h f<t) -> rc(h f(t> ) 
from the subrange of the integers T to the group G 
represents a one-way function; and 

using the verifying unit to encrypt at least one data 
element, z, by a combination with respect to the 
encrypted data element, z» - z ° 7u{k pub f(t) ) e Gj_ 

d) communicating the encrypted data element from the 
verifying, unit to the proving unit; 

e) using the proving unit to decrypt the encrypted data 
element in a first decryption method, assigned to the first 
cryptographic encryption method, using a private key known 
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only to the proving unit and using discrete exponentiation in 
a semigroup being an algorithm based on elliptical curves; 

f ) using the proving unit to calculate, from the data set to 
be authenticated, in a second cryptographic method, an 
authenticator dependent on the data element; 

g) communicating the authenticator from the proving unit to 
the verifying unit; 

h) using the verifying unit to check the authenticator with 
an aid of an authentication checking algorithm/ assigned to 
the second cryptographic method using the data element and the 
data set; and 

i) accepting the data set as communicated by the proving unit 
to the verifying unit is dependent on a result of the check 
performed in step h) . 

18 (original) , The method according to claim 17, which 
further comprises during the step d) , in addition to the 
encrypted data element, using the verifying unit to 
communicate the element h £(C> e H to the proving unit. 
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19 (original) . The method according to claim 18, which 
further comprises performing the first cryptographic 
decryption method by the steps of: 

using the proving unit to calculate the element k pilb £<t) e H 
using function f, the element h f(t) e H and the private key d 
known only to the proving unit; 

using the proving unit to calculate an inverse element 
(k P ub f(t) ) e G with respect to element n (k pub f <t} ) e G; and 

using the proving unit to decrypt the encrypted data element 
by a combination of the encrypted data element with inverse 
element: z = z 1 °n' (k pub f (t) ) , where the first cryptographic 
decryption method is based on the same mappings f, n and the 
same combination o as the first cryptographic encryption 
method. 

20 {previously presented) . The method according to claim 19, 
which further comprises performing the' second cryptographic 
method with the steps of: 

using the proving unit to calculate, from the at least one 
unencrypted data element z, an element g2 = 7Ci(z) e Gi and an 
element g 2 = 7t 2 (2) e G 2 , where Gi and G2 represent groups where 
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Gi e G 2 and Jii : G -> G x and 7i 2 : G -» G 2 represent functions 
which map elements of the group G onto the groups Gi or G 2 ; 

using the proving unit to transform the data set to be 
authenticated m, to form an element g 1 = (gi * m) with a group 
combination * in Gi; and 

using the proving unit to calculate the authenticator D, by D 
= inj(g') • g 2 with the group combination • in G 2 , where the 
mapping inj : Gi -> G 2 maps elements from Gi injectively into 
G 2 * 

21 (original) . The method according to claim 15, which 
further comprises performing the communication between the 
proving unit and the verifying unit contactlessly . 
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